[1] |
CNCERT/CC. CNCERT互联网安全威胁报告[R]. 2011.CNCERT/CC. CNCERT Internet Security Threat Report[R]. 2011.
|
[2] |
CNCERT/CC. CNCERT网络安全信息与动态周报[R]. 通信学报, 2013.CNCERT/CC. Weekly Report of CNCERT[R]. 2013.
|
[3] |
GU G F , YEGNESWARAN V , PORRAS P , et al. Active botnet prob-ing to identify obscure command and control channels[A]. Proc of ACSAC '09[C]. Honolulu, HI, 2009.241-253.
|
[4] |
XU Z Y , CHEN L F , GU G F , et al. Utilizing enemies' P2P strength against them[A]. Proc ACM CCS'12[C]. Raleigh, NC, USA, 2012.581-592.
|
[5] |
STRAYER W T , WALSH R , LIVADAS C , et al. Detecting botnets with tight command and control[A]. 31st IEEE Conference on Local Computer Networks (LCN'06)[C]. Tampa, FL, 2006.195-202.
|
[6] |
KARASARIDIS A , REXROAD B , HOEFLIN D . Wide-scale botnet detection and characterization[A]. USENIX Hotbots'07[C]. Cam-bridge, MA, 2007.7.
|
[7] |
GOEBEL J , HOLZ T . Rishi: identify bot contaminated hosts by IRC nickname evaluation[A]. USENIX Workshop on Hot Topics in Under-standing Botnets (HotBots'07)[C]. Cambridge, MA, 2007.8.
|
[8] |
GU G , PORRAS P , YEGNESWARAN V , et al. Bothunter: detecting malware infection through IDS-driven dialog correlation[A]. 16th USENIX Security Symposium (Security'07)[C]. Boston, MA, 2007.12.
|
[9] |
GU G , ZHANG J , LEE W . BotSniffer: detecting botnet command and control channels in network traffic[A]. Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)[C]. San Diego, CA, USA, 2008.17.
|
[10] |
GU G , PERDISCI R , ZHANG J , et al. BotMiner: clustering analysis of network traffic for protocol- and structureindependent botnet detec-tion[A]. Proceedings of the 17th USENIX Security Symposium (Secu-rity'08)[C]. San Jose, CA, USA, 2008.139-154.
|
[11] |
YEN T F , REITER M . Traffic aggregation for malware detection. assessment[A]. Proc of the Detection of Intrusions and Malwar, and Vulnerability[C]. Heidelberg, Berlin: Springer-Verlag, Paris, France, 2008.207-227.
|
[12] |
GIANVECCHIO S , XIE M , WU Z , et al. Measurement and classifica-tion of humans and bots in internet chat[A]. Proceedings of the 17th USENIX Security Symposium (Security' 08)[C]. San Jose, CA, USA, 2008.155-169.
|
[13] |
CABALLERO J , YIN H , LIANG Z , et al. Polyglot: automatic extrac-tion of protocol message format using dynamic binary analysis[A]. ACM Conference on Computer and Communications Security[C]. Alexandria, VA, 2007.317-329.
|
[14] |
CUI W , KANNAN J , WANG H J . Discoverer: automatic protocol description generation from network traces[A]. USENIX Security Symposium[C]. Boston, MA, 2007.14.
|
[15] |
LIN Z , JIANG X , XU D , et al. Automatic protocol format reverse engineering through context-aware monitored execution[A]. Network and Distributed System Security Symposium[C]. San Diego, CA, 2008.17.
|
[16] |
BEDDOE M A . Network protocol analysis using bioinformatics algo-rithms. .
|
[17] |
CUI W , PEINADO M , CHEN K , et al. Tupni: automatic reverse engi-neering of input formats[A]. ACM Conference on Computer and Communications Security[C]. Alexandria, VA, 2008.391-402.
|
[18] |
WONDRACEK G , COMPARETTI P M , KRUEGEL C , et al. Auto-matic network protocol analysis[A]. Network and Distributed System Security Symposium[C]. San Diego, CA, 2008.16.
|
[19] |
COMPARETTI P M , WONDRACEK G , KRUEGEL C , et al. Prospex:protocol specification extraction[A]. IEEE Symposium on Security and Privacy[C]. Oakland, CA, 2009.110-125.
|
[20] |
LEITA C , MERMOUD K , DACIER M . ScriptGen: an automated script generation tool for Honeyd[A]. Annual Computer Security Ap-plications Conference[C]. Tucson, AZ, 2005.203-214.
|
[21] |
CABALLERO J , POOSANKAM P , SONG D , et al. Dispatcher: ena-bling active botnet infiltration using automatic protocol reverse- engi-neering[A]. Proc of CCS'09[C]. Chicago, IL, USA, 2009.621-634.
|
[22] |
DASWANI N , STOPPELMAN M . The anatomy of clickbot[A]. Proc of the 1st Conf on First Workshop on Hot Topics in Understanding Botnets[C]. Boston, MA, USA, 2007.11.
|
[23] |
MILLER B , PEARCE P , GRIER C , et al. What's clicking what? Tech-niques and innovations of today's clickbots[A]. Proc of the Detection of Intrusions and Malware, and Vulnerability Assessment[C]. Amster-dam, Netherlands, 2011.11.
|
[24] |
DITTRICH D , DIETRICH S . Discovery Techniques for P2P Botnets, Technical Report[R]. 2008.
|
[25] |
KARTALTEPE E , MORALES J , XU S H , et al. Social network-based botnet command-and-control: emerging threats and countermea-sures[A]. Proc of the Applied Cryptography and Network Security[C]. Beijing, China, 2010.511-528.
|
[26] |
HOLZ T , GORECKI C , RIECK K , et al. Measuring and detecting fast-flux service networks[A]. Proc of the 15th Annual Network and Distributed System Security Symp[C]. San Diego, CA, 2008.19.
|
[27] |
江健, 诸葛建伟, 段海新 等. 僵尸网络机理与防御技术[J]. 软件学报, 2012,23(1):82-96. JIANG J , ZHUGE J W , DUAN H X , et al. Research on botnet mecha-nisms and defenses[J]. Journal of Software, 2012,23(1):82-96.
|